System and method for seamless application hosting and migration in a network environment

ABSTRACT

An example method includes receiving a hypertext transfer protocol (HTTP) request from a client for an application at a first datacenter at which the application is not available; and querying a first global site selector (GSS) configured to identify a second datacenter at which the application is available. The second datacenter can be identified by a selected virtual Internet Protocol (VIP) address. The method can also include forwarding the HTTP request to the selected VIP address; and responding to the client with an HTTP response received from the selected VIP address.

TECHNICAL FIELD

This disclosure relates in general to the field of communications and,more particularly, to a system and a method for seamless applicationhosting and migration in a network environment.

BACKGROUND

Cloud computing can facilitate organizing computing resources intomultiple datacenters, each datacenter offering a pool of configurablecomputing resources and storage and physically separated from the otherdatacenters. Such multi-datacenter architectures can offer datadistribution services with high availability, among other features.These datacenters, and other such service provider or enterprisedeployment architecture where a single domain name is hosted acrossmultiple datacenters can also offer geographic proximity, which canresult in low latency, and thereby, provide better fault migration andload sharing.

BRIEF DESCRIPTION OF THE DRAWINGS

To provide a more complete understanding of the present disclosure andfeatures and advantages thereof, reference is made to the followingdescription, taken in conjunction with the accompanying figures, whereinlike reference numerals represent like parts, in which:

FIG. 1 is a simplified block diagram illustrating a communication systemfor seamless application hosting and migration in a network environmentin accordance with one example embodiment of the present disclosure;

FIG. 2 is a simplified block diagram illustrating example details of thecommunication system in accordance with one embodiment;

FIG. 3 is a simplified block diagram illustrating another embodiment ofthe communication system;

FIG. 4 is a simplified flow diagram illustrating example operations thatmay be associated with an embodiment of the communication system;

FIG. 5 is a simplified flow diagram illustrating other exampleoperations that may be associated with an embodiment of thecommunication system; and

FIG. 6 is a simplified flow diagram illustrating yet other exampleoperations that may be associated with an embodiment of thecommunication system.

DETAILED DESCRIPTION OF EXAMPLE EMBODIMENTS Overview

An example method is provided and includes receiving a hypertexttransfer protocol (HTTP) request from a client for an application at afirst datacenter at which the application is not available; and queryinga first global site selector (GSS) configured to identify a seconddatacenter at which the application is available. The second datacentercan be identified by a selected virtual Internet Protocol (VIP) address.The method can also include forwarding (i.e., communicate in any way)the HTTP request to the selected VIP address; and responding to theclient with an HTTP response received from the selected VIP address.

In example embodiments, the first GSS can identify the second datacenterfrom a VIP uniform resource locator (URL) configuration {VIP, URL} thatincludes the selected VIP address corresponding to a URL of theapplication. In example embodiments, the method may further includeconfiguring the application on an application control engine (ACE) inthe second datacenter, and pushing the URL-VIP pair to a second GSS inthe second datacenter. The second GSS may propagate the URL and theselected VIP address to the first GSS. The URL of the application may beadded to a URL match policy in the ACE. In some embodiments, the URL ofthe application may be added to the URL match policy when theapplication is added to the second datacenter, and other features.

Example Embodiments

Turning to FIG. 1, FIG. 1 is a simplified block diagram illustrating acommunication system 10 for seamless application hosting and migrationin a network environment in accordance with one example embodiment. FIG.1 illustrates a client 12 that can communicate with a domain name system(DNS) server 14. A Domain Name Service running in DNS server 14 maytranslate queries for domain names (e.g., www.company.com) into InternetProtocol (IP) addresses. Client 12 can communicate with an applicationcontrol engine (ACE) 16(1) having a virtual IP (VIP) address VIP1 in adatacenter 18(1) (“datacenter 1”) over a network (e.g., Internet) 20(1).Datacenter 18(1) may communicate with another datacenter 18(2)(“datacenter 2”) over another network (e.g., wide area network (WAN))20(2). Datacenter 18(2) may include another ACE 16(2) that cancommunicate with ACE 16(1). Datacenters 18(1) and 18(2) may includerespective global site selectors (GSSs) 22(1) and 22(2). Datacenter18(2) may include servers 24 that host an application 26.

According to embodiments of communication system 10, ACEs 16(1) and16(2) may be configured to receive hypertext transfer protocol (HTTP)requests destined to VIP addresses configured locally and to match therequest using URL match policies to balance load among servers inrespective datacenters 18(1) and 18(2). GSS 22(1) and 22(2) may allowdeployment of Internet and intranet applications (e.g., application 26)such that application users (e.g., client 12) may be quickly routed to astandby datacenter (e.g., datacenter 18(2)) if a primary datacenter(e.g., datacenter 18(1)) is down. GSS 22(1) and 22(2) can perform globaltraffic management and loadbalancing of the applications according tosuitable business rules. GSS 22(1) and 22(2) may also act asauthoritative name servers, performing DNS resolution based on client12's DNS request for a specific domain name (e.g., www.company.com) andchoosing a suitable datacenter 18(1) or 18(2) (e.g., amongst multipledatacenters hosting the domain name) to respond to client 12's DNSrequest.

Certain terminologies are used with regard to the various embodiments ofcommunication system 10. The term “client” may be inclusive of devicesused to initiate a communication, and programs that seek to initiate acommunication on behalf of another entity or element, and can includecomputers, personal digital assistants (PDAs), laptops, electronicnotebooks, cellular telephones, tablets, iPads, databases, or any othercomponent, device, element, application, or object capable of initiatinga voice, audio, video, or data exchanges within communication system 10.As used herein, the term “datacenter” may include a network of hardwareand software forming a shared pool of configurable computing resources(e.g., networks, servers, storage, applications, services, etc.) thatcan be suitably provisioned to provide on-demand self-service, networkaccess, resource pooling, elasticity and measured service, among otherfeatures.

As used herein, the term “application” may be inclusive of any type ofnumeric, voice, video, or script data, or any type of source or objectcode, or program files, software, executable file comprisinginstructions that can be understood and processed on a computer, librarymodules loaded during execution, object files, system files, hardwarelogic, software logic, or any other executable modules or other suitableinformation in any appropriate format that may be communicated from onepoint to another in electronic devices and/or networks.

As used herein, the term “network element” can include computers,network appliances, servers, routers, switches, gateways, bridges,loadbalancers, firewalls, processors, modules, or any other suitabledevice, component, element, or object operable to exchange informationin a network environment. Moreover, the network elements may include anysuitable hardware, software, components, modules, interfaces, or objectsthat facilitate the operations thereof. This may be inclusive ofappropriate algorithms and communication protocols that allow for theeffective exchange of data or information.

The term “HTTP request” may be inclusive of a request message in HTTP orequivalent client-server protocols, such as HTTP secure (HTTPS), secureHTTP (S-HTTP), HTTP/1.1 Upgrade header, Representational state transfer(REST), SPDY, Waka, etc. The HTTP (and equivalent) protocol is aclient-server protocol, where the client submits the HTTP requestmessage to the server. The HTTP request can contain the following: arequest line, for example GET /app1.html HTTP/1.1, HOST:www.company.com, which requests a resource called app1.html from serverlocated at www.company.com; headers, such as accept-language: en; anempty line; and an optional message body. In a general sense, the HTTPrequest can contain a URL of requested resource.

The server, which provides resources such as hypertext markup language(HTML) files and other content, or performs other functions on behalf ofthe client, returns a response message, called herein as an “HTTPresponse,” to the client. The HTTP response can contain completionstatus information about the request and may also contain requestedcontent in its message body, including the following: a status-line (forexample HTTP/1.1 200 OK, which indicates that the client's requestsucceeded; headers, such as content-type: text/html; an empty line; andan optional message body.

“URL” is a specific character string that constitutes a reference to anetwork resource. In general, the URL comprises the following: theprotocol (e.g., http, https, gopher, etc.), followed by a colon, twoslashes, then, depending on the protocol, a server name (exp, ftp, www,smtp, etc.) followed by a dot (.) then a domain name (alternatively, IPaddress), and the path of the resource to be fetched or the program tobe run. An example of a URL is http://www.company.com/app1.html, whichindicates the HTTP protocol, the server www, located at the domain namecompany.com, with the path indicated by app1.html, to the resourceidentified as app1.html. The domain name (or IP address) gives thedestination location for the URL; and the path is used to specify andfind the resource requested. The domain name (e.g., company.com) is anidentification string that defines an IP address in a network.

For purposes of illustrating the techniques of communication system 10,it is important to understand the communications that may be traversingthe system shown in FIG. 1. The following foundational information maybe viewed as a basis from which the present disclosure may be properlyexplained. Such information is offered earnestly for purposes ofexplanation only and, accordingly, should not be construed in any way tolimit the broad scope of the present disclosure and its potentialapplications.

Large multi-datacenter deployments are on the rise, as also web-basedenterprise applications with cloud based application hosting. Formultiple, geographically distributed datacenters, the domain name (e.g.company.com) can be resolved to the IP address of any one of thedatacenters; however, each datacenter may serve a different set ofapplications under the same domain name. Such asymmetric applicationdistribution over a set of datacenters may be implemented for variousreasons: different datacenter capacities, capabilities, service levelagreements, etc. may lead to different applications being hosted atdifferent datacenters; application migration between datacenters canresult in temporary asymmetric application distribution; applicationredundancy and fail over between multiple distributed datacenters maylead to multiple datacenters hosting the same applications, althoughonly one datacenter has the application active and accessible by users.

Server load balancing devices, such as the ACE that are connected to acorporate LAN or the Internet, can balance content requests among two ormore servers. Server loadbalancing devices ensure that the contentconsumer is directed to the host that is best suited to handle thatconsumer's request. GSS typically performs loadbalancing across multiplegeographically dispersed datacenters. GSS leverages global contentdeployment across multiple distributed and mirrored data locations,optimizing site selection, improving DNS responsiveness, and ensuringdatacenter availability. The GSS is generally inserted into thetraditional DNS routing hierarchy and monitors the health and load ofthe ACEs in individual datacenters. The GSS uses the ACE suppliedinformation and user-specified routing algorithms to select a suitable(e.g., least-loaded) datacenter in real time. The GSS can detect siteoutages, ensuring that web-based applications are online and thatcustomer requests to datacenters that suddenly go offline are quicklyrerouted to available resources. GSS can also play the role of anauthoritative DNS server for specific domain names hosted by certainorganizations across the datacenters they own.

DNS is a hierarchical distributed naming system for any resource (e.g.,computer, network service, etc.) in a network. DNS associatesinformation such as IP addresses with corresponding domain names (e.g.,company.com) in the network. Some of the components in the DNSinfrastructure include DNS resolvers (e.g., clients that access DNSservers); DNS servers (e.g., server running DNS software that has theresponsibility of finding the requested web site); root name servers(e.g., server residing at the top of the DNS hierarchy, and that canresolve the top level domains, such as .com, .net, etc.); intermediatename servers (e.g., server used for scaling purposes, delegated from theroot name server); authoritative name servers (e.g., server thatresponds directly to the DNS server with the requested IP address).Information about the domain name space is stored on DNS servers thatare distributed throughout the Internet. Each DNS server stores thecomplete information about its small part of the total domain namespace. This space is referred to as a DNS zone. A zone file containingDNS information for each domain (e.g., “company.com”) or subdomain(e.g., “abc.company.com”) in the DNS zone is stored in the DNS server.

End users needing data from a particular domain (e.g., company.com)generate a recursive DNS request on their client that is sent first tothe local DNS server. The DNS server returns the IP address of therequested domain to the end user. If the local DNS server does not havethe information requested by the end user, it sends a query to a rootname server asking for the IP address. The root name server responds tothe request by either: referring the DNS server to the specific nameserver supporting the top-level domain; or sending the DNS server to anintermediate name server that knows the address of the authoritativename server for the requested domain name.

The local DNS server sends a query to the intermediate name server thatresponds by referring the DNS server to the authoritative name serverfor the requested domain name and all the associated subdomains. Thelocal DNS server sends a query to the authoritative name server for therequested domain name. The authoritative name server responds to the DNSserver with an appropriate IP address (e.g., 172.16.56.76). The DNSserver sends the IP address to the client. The client uses the IPaddress to initiate a connection to a website at the requested domainname. Note that the DNS protocol cannot resolve the part of URLs thatindicates the path such as the part after the domain name inwww.company.com/app1.html (i.e., /app1.html), as the path is not adomain name or a subdomain name. Thus, a DNS query app1.html hosted atwww.company.com can be resolved only up to www.company.com.

The GSS supports several (e.g., over 4000) separate VIP addresses. Itcoordinates the activities of ACEs by acting as the authoritative DNSserver for the devices (e.g., servers) under its control. The name spacerecords in local DNS servers point to the GSSs located at the nearestdatacenter. The GSS determines which datacenter site should receive theclient traffic. As the authoritative name server for a domain orsubdomain, the GSS considers several factors when responding to a DNSrequest, such as availability (e.g., servers that are online andavailable to respond to the query); proximity (e.g., server thatresponded the fastest to a query); load (e.g., type of traffic loadhandled by servers in the domain); source of the request (e.g., DNSserver requesting the content); and preference (e.g., first, second, orthird choice of the loadbalancing algorithm to use when responding to aquery), among other factors (e.g., country specific policies).

When resolving DNS requests, the GSS performs a series of distinctoperations that take into account the resources under its control andreturn a suitable VIP to the DNS server. For example, an end user typesin www.company.com in an address field of the client (e.g., browser) inorder to download an updated version of an application from the websiteat www.company.com. The domain name may be hosted at three differentdatacenters. The DNS server processes the request and the requestarrives at the GSS in one of the datacenters hosting the domain name.The GSS sends to the client the IP address of the suitable ACE, forexample, at datacenter 2. The client processes the transmitted IPaddress and is directed to the ACE at datacenter 2.

In addition to specifying a resource, GSS can also be configured with anoption of specifying a keepalive for a resource in the datacenter. GSSperiodically checks to determine if a resource is still active using akeepalive protocol (e.g., Keep Alive Appliance Protocol (KAL-AP)), whichis a specific interaction (e.g., handshake) between the GSS and anotherdevice. A keepalive is designed to test if a specific protocol on thedevice is functioning properly. If the handshake is successful, then thedevice is available, active, and able to receive traffic. If thehandshake fails, then the device is considered to be unavailable andinactive. The GSS uses keepalives to collect and track information fromthe online status of VIP addresses to services and applications runningon a server.

GSS devices respond to DNS queries and perform keepalives to provideglobal server loadbalancing functionality. Additionally, a designatedGSS may act as a central management device and host an embedded GSS datastore (e.g., database) that contains shared configuration information,such as DNS rules, and individual device configuration for each GSS thatit controls. Configuration changes may be made to the designated GSS andthe changes are automatically communicated to each registered GSS. TheGSS performs routing of DNS queries based on the DNS rules andconditions created from the designated GSS. Each GSS is known to andsynchronized with the designated GSS. Synchronization occursautomatically between the two devices whenever the GSS networkconfiguration changes. Updates are packaged and sent to the designatedGSS using a secure connection between the two devices.

Within a single datacenter, an ACE typically distributes load across agroup of servers in a server farm and represents the group (ordatacenter) by a VIP address. Thus, each datacenter may be identified bya corresponding VIP address for a specific domain name—each VIP addressacts as the publicly addressable front end of the datacenter for thatspecific domain name. Behind each ACE are transaction servers, databaseservers, and mirrored origin servers (among other compute, storage, andnetwork resources) offering a wide variety of content (e.g., websites,applications). The GSS communicates directly with the ACEs representingeach datacenter by collecting statistics on availability and load foreach ACE and VIP.

Each application in the datacenter may have a distinct URL (e.g.www.company.com/app1.html, www.company.com/app2.html), albeit with thesame domain name (e.g., company.com). Generally, resolution of DNSqueries is performed only on the domain name, without distinguishingbetween the paths of the different applications. The GSS may reply to anincoming client request for DNS resolution with the suitable VIP at thatpoint of time for the client for that domain name. The client maysubsequently establish connection with the VIP in the DNS reply, but theVIP may represent a datacenter that may not be hosting the requestedapplication. The ACE may send an HTTP redirect back to the client,informing the client of the correct VIP. The client can then sendanother request to the correct VIP. For example, an HTTP request fromthe client may hit the ACE with URL http://www.company.com/app1.html.The ACE may send an HTTP redirect message back asking the requestor toconnect to URL http://www-app1.company.com. The requestor maysubsequently perform a DNS resolution for the redirect URL and reachanother datacenter where the application is supported on server app1.However, due to branding and security related issues, redirecting theHTTP request may not be an acceptable solution in certain deployments.

An alternative mechanism may be to forward the HTTP request from thedatacenter that received the request to another datacenter that canserve the request. The ACE may select the other datacenter after adetermination about the appropriate datacenter that can serve therequest. Thus, VIP addresses hosted in other datacenters may have to beconfigured on the ACE as real servers. Moreover, each ACE in eachdatacenter may have to be configured with all locally non-supportedapplications (e.g., identified by URL match criteria) and associatedremote VIPs in other datacenters where that application is supported.The ACE may also monitor the health of the application in substantiallyall the other datacenters and select a suitable datacenter that canserve the HTTP request. Such configuration can lead to excessiveoverhead on the ACEs, especially where numerous applications are hostedasymmetrically in myriad datacenters. When a new application is added inone of the datacenters, the configuration change may have to bereplicated in substantially all ACEs in the system.

Yet another mechanism may be to connect all datacenters in a ring andthen if any one ACE cannot serve a request locally, it can simplyforward the request to the next datacenter. However, such an approachcan result in suboptimal choice and the request-response path couldbecome multiple hops with several nodes in the request-response path.

Communication system 10 is configured to address these issues (andothers) in offering a system and method for seamless application hostingand migration in a network environment. Embodiments of communicationsystem 10 include mechanisms for forwarding an HTTP request 36 tosuitable datacenters (e.g., datacenter 18(2)) when the request cannot beserved locally (e.g., at datacenter 18(1)). During operation, elementsof communication system 10 may implement three distinct flows: (1)configuration flow; (2) monitor flow; and (3) data flow.

In the configuration flow, ACE 16(2) may be configured with anapplication configuration (“App Config”) 28, specifying the appropriateURL (e.g., www.company.com/app1.html) and the specific servers 24 whereapplication 26 is available. App config 28 may be included in a URLmatch policy within ACE 16(2). In one embodiment, the user (e.g.,network administrator) may include App Config 28 manually (orsemi-manually) in ACE 16(2)'s URL match policy. In another embodiment,when application 26 is installed on servers 24, application 26 may pushApp Config 28 to ACE 16(2). ACE 16(2) may subsequently include AppConfig 28 in its URL match policy. ACE 16(2) may respond to HTTP request36 for application 26, based on information from App Config 28 in itsURL match policy. The URL (e.g., http://www.company.com/app1.html) ofapplication 26 may be indicated in HTTP request 36.

According to various embodiments, ACE 16(2) may push information fromApp Config 28 to GSS 22(2) in a VIP URL Configuration (“VIP URL Config”)30, which includes the specific VIP (e.g., VIP2) and URL associated withapplication 26 at the specific domain name. VIP URL Config 30 canindicate the specific datacenter represented by the VIP (e.g., VIP2) atwhich application 26 (identified by its URL www.company.com/app1.html)may be served. VIP URL Config 30 may be in any suitable format, based onparticular network needs. For example, VIP URL Config 30 may becommunicated using Remote Procedure Call (RPC), DNS request, anextension of KAL-AP messages, or such other message exchange mechanisms.GSS 22(2) may propagate VIP URL Config 30 to GSS 22(1) (and other GSSsin a cluster of the domain), for example, using RPC. Thus, GSS 22(2) andGSS 22(1) may synchronize the application configuration information andstore the information at respective local storage devices (e.g.,databases), based on particular needs.

In the monitor flow, application 26 may be monitored for variousparameters. For example, a health of application 26 may be monitored, todetermine the status of the server it is available on, whether or notcontent being returned by the server is correct and should be deliveredto client 12, the status of application 26, and other parameters. Inanother example, the configuration of application 26 may be monitored,to determine any changes to its location (e.g., such as moving from onedatacenter to another), or other configuration parameters. Any changesin application 26 determined from the monitoring may be propagated toGSS 22(1) and 22(2) through the synchronization mechanism.

The KAL-AP mechanism used between GSS 22(2) and ACE 16(2) for loadmonitoring may be enhanced to include load factors per application,which may be an improvement from current mechanisms where loadbalancingconsiders the number of servers, but may not consider the actual load onthe server at the application level. In specific embodiments, KAL-AP maybe improved with application aware features. In embodiments ofcommunication system 10, an application specific load can be obtainedusing KAL-AP-by-tag instead of KAL-AP-by-VIP (e.g., since the same VIPmay support multiple applications) to map a tag to application 26 andalso to account for actual load on real servers 24. The information usedby KAL-AP-by-tag features may be available from local probing by ACE16(2) to real servers 24.

In the data flow, an end user at client 12 may want to load application26 from a specific URL (e.g., www.company.com/app1.html). Because theapplication URL cannot be resolved down to the application location (asthe DNS protocol only permits resolution up to the domain name level,and does not include the path), client 12 may send a DNS query 32 to DNSserver 14 for the specific domain name (www.company.com), rather thanthe entire URL. DNS server 14 may query GSS 22(1), which may be thenearest authoritative name server for the domain. GSS 22(1) maydetermine that VIP1 is suitable for DNS server 14, and provide VIP1 toDNS server 14. DNS server 14 may send a DNS response 34, including VIP1to client 12. Client 12 may send an HTTP request 36 for application 26(e.g., www.company.com/app1.html) to VIP1, at which ACE 16(1) islocated.

In various embodiments, ACE 16(1) may look up its URL match policy todetermine whether requested application 26 is available at datacenter18(1). ACE 16(1) may determine that datacenter 18(1) does not hostapplication 26. When the determination indicates that application 26 isnot available at datacenter 18(1), the request may reach a defaulthandler in ACE 16(1). The default handler may query local GSS 22(1) witha VIP URL query 38. VIP URL query 38 may provide the requested URL(e.g., www.company.com/app1.html) and other parameters (e.g., IP addressof client 12) and inquire about a matching VIP associated with the URL.GSS 22(1) may respond with a selected VIP address 40. Selected VIPaddress 40 may specify VIP2, at which ACE 16(2) is located, based on VIPURL Config 30, propagated to GSS 22(2) by GSS 22(1). Subsequently, ACE16(1) may forward HTTP request 36 to ACE 16(2). ACE 16(2) may respondappropriately with an HTTP response 42, based on App Config 28 in itsURL match policy. ACE 16(1) may forward HTTP response 42 to client 12.

In various embodiments, ACEs (e.g., ACEs 16(1) and 16(2)) may beconfigured with URLs and associated VIP addresses of applications (e.g.,application 26) available in respective datacenters (e.g., datacenters18(1) and 18(2)). For URL forwarding to a datacenter that hosts arequested application (e.g., application 26), instead of having all theapplications and their associated VIP addresses in various datacentersconfigured on each ACE in each datacenter, it may be sufficient toconfigure only the specific ACE (e.g., ACE 16(2)) in the datacenter(e.g., datacenter 18(2)) that supports the application (e.g.,application 26). The ACE (e.g., ACE 16(2)) may communicate theconfiguration to its local GSS (e.g., GSS 22(2)) and make use of the GSScluster to propagate the configuration to all GSSs in the cluster acrossmultiple datacenters. Embodiments of communication system 10 can also beused when applications are symmetrically distributed across datacentersto support failover cases. If an application is configured on ACE 16(1)in datacenter 18(1), and an incoming request matches the URL, but theserver (or the application) is down at that point, ACE 16(1) can beconfigured to query local GSS 22(1) to get an alternative VIP from theother datacenters.

According to various embodiments, a suitable VIP for forwarding HTTPrequest 36 may be chosen, while avoiding the health monitoring of thedatacenters associated with each of ACEs 16(1) and 16(2). In someembodiments, GSS 22(1) and 22(2) can choose a suitable VIP (e.g., VIP2)as selected VIP address 40 based on their awareness of the specific VIPaddresses that each hosted application maps to, and the load on eachVIP. In such embodiments, ACEs 16(1) and 16(2) need not be aware oflocations where available applications are supported in the domain.Additionally, existing health monitoring schemes, such as KAL-AP may beused to report VIP and real server availability. The processing of HTTPrequest 36 may be transparent to client 12. For example, client 12 maysend HTTP request 36 to ACE 16(1) at VIP1, and receive HTTP response 42from ACE 16(1) at VIP1. Client 12 may not communicate with ACE 16(2)throughout the session, and may not be aware that HTTP request 36 isbeing served at a different VIP (e.g., VIP2) than VIP1.

If application 26 is supported on multiple datacenters withcorresponding distinct VIP addresses (e.g., VIP3, VIP4, VIP5, etc.), GSS22(1) may select a specific VIP as selected VIP address 40 based on atleast load distribution among substantially all GSSs in the plurality ofdatacenters, geographical proximity of each datacenter to client 12and/or intelligent policies. For example, GSS 22(1) may perform a VIPaddress selection based on load since GSS 22(1) already monitors andmaintains load of all VIP addresses under the domain name company.comusing the KAL-AP mechanism (or other mechanisms such as SNMP probing,simple ping, etc.) GSS 22(1) may also support VIP address selectionbased on geographical proximity (e.g., GSS 22(1) may have a GeoDBdatabase). GSS 22(1) can even select a datacenter that is closest todatacenter 18(1) where HTTP request 36 was first received.

Turning to the infrastructure of communication system 10, the networktopology can include any number of servers, virtual machines, switches(including distributed virtual switches), routers, and other nodesinter-connected to form a large and complex network. A node may be anyelectronic device, client, server, peer, service, application, or otherobject capable of sending, receiving, or forwarding information overcommunications channels in a network. Elements of FIG. 1 may be coupledto one another through one or more interfaces employing any suitableconnection (wired or wireless), which provides a viable pathway forelectronic communications. Additionally, any one or more of theseelements may be combined or removed from the architecture based onparticular configuration needs. Communication system 10 may include aconfiguration capable of TCP/IP communications for the electronictransmission or reception of data packets in a network. Communicationsystem 10 may also operate in conjunction with a User DatagramProtocol/Internet Protocol (UDP/IP) or any other suitable protocol,where appropriate and based on particular needs. In addition, gateways,routers, switches, and any other suitable nodes (physical or virtual)may be used to facilitate electronic communication between various nodesin the network.

Note that the numerical and letter designations assigned to the elementsof FIG. 1 do not connote any type of hierarchy; the designations arearbitrary and have been used for purposes of teaching only. Suchdesignations should not be construed in any way to limit theircapabilities, functionalities, or applications in the potentialenvironments that may benefit from the features of communication system10. It should be understood that communication system 10 shown in FIG. 1is simplified considerably for ease of illustration.

The example network environment, including networks 20(1) and 20(2) maybe configured over a physical infrastructure that may include one ormore networks and, further, may be configured in any form including, butnot limited to, local area networks (LANs), wireless local area networks(WLANs), VLANs, metropolitan area networks (MANs), WANs, virtual privatenetworks (VPNs), Intranet, Extranet, any other appropriate architectureor system, or any combination thereof that facilitates communications ina network. In some embodiments, a communication link may represent anyelectronic link supporting a LAN environment such as, for example,cable, Ethernet, wireless technologies (e.g., IEEE 802.11x), ATM, fiberoptics, etc. or any suitable combination thereof. In other embodiments,communication links may represent a remote connection through anyappropriate medium (e.g., digital subscriber lines (DSL), telephonelines, T1 lines, T3 lines, wireless, satellite, fiber optics, cable,Ethernet, etc. or any combination thereof) and/or through any additionalnetworks such as a wide area networks (e.g., the Internet).

In some embodiments, datacenters 18(1) and 18(2) may be physicallygeographically separated from each other (e.g., datacenter 18(1) locatedin California and datacenter 18(2) located in North Carolina). In otherembodiments, datacenters 18(1) and 18(2) may be physically separated bynetwork elements (e.g., datacenter 18(1) separated from datacenter 18(2)with one or more firewalls that control communication between the twonetworks) although they may be located in close proximity (e.g., withinthe same building). In yet other embodiments, datacenters 18(1) and18(2) may be logically separated by virtual network elements in a commonphysical infrastructure (e.g., datacenters 18(1) and 18(2) may comprisetwo distinct distributed virtual switches controlling distinct virtualmachines).

ACEs 16(1) and 16(2) are server loadbalancers (SLBs) or other suchnetwork elements, at which VIP addresses, uniform resource locator (URL)match policies, and servers are configured (among other features). GSS22(1) and 22(2) are multi-datacenter SLBs or other such network elementsconfigured to choose a server (or SLB) from several servers (or SLBs) ina multi-datacenter network environment. ACEs 16(1) and 16(2), and GSS22(1) and 22(2) may be hardware SLBs, or software SLBs. In variousembodiments, ACEs 16(1) and 16(2) and GSS 22(1) and 22(2) may becollocated with (or coupled to) a server. In other embodiments, they mayeach be a separate independent network element.

Embodiments of communication system 10 can avoid use of URL redirect,and configuration of multiple ACEs in various datacenters for eachapplication. Embodiments can also avoid health monitoring of otherdatacenters from an ACE in one datacenter, as GSS can monitor VIPaddresses of all datacenters. Moreover, features like KAL-AP can beimproved, with better application aware features.

Turning to FIG. 2, FIG. 2 is a simplified block diagram illustratingexample details of an embodiment of communication system 10.Representative ACE 16 in representative datacenter 18 may include a URLmatch policy 44, a service module 46, a default handler 48, a forwardmodule 50, a push module 52, a monitor module 53, a processor 54, and amemory element 56. Representative GSS 22 may include a VIP URLConfiguration module 58, a VIP URL Configuration store 60, a propagatemodule 62, a selection module 64, a processor 66 and a memory element68.

HTTP request 36 for application 26 may specify the URL for application26, including a domain name and a path (e.g.,www.company.com/app1.html). ACE 16 may lookup URL matching policy 44 todetermine if it can serve HTTP request 36. If HTTP request 36 can beserved (e.g., application 26 is available in datacenter 18), servicemodule 46 may find appropriate application server 24 in datacenter 18that hosts application 26, and forward HTTP request 36 to theappropriate server 24. When server 24 responds with HTTP response 42,HTTP response 42 may be relayed back to client 12.

The URL of application 26 may be included in URL match policy 44 throughApp Config 28. In various embodiments, App Config 28 may include the URLand corresponding server(s) where application 26 is located. In oneembodiment, when application 26 is installed in datacenter 18, AppConfig 28 may be included in URL match policy 44. When application 26 isremoved from the datacenter, the URL may be removed from URL matchpolicy 44.

Push module 52 may push information from App Config 28 to GSS 22 in VIPURL Config 30. VIP URL Config 30 may include the VIP address of ACE 16,and the URL of application 26. In specific embodiments, VIP URL Config30 may include a URL match condition configured on ACE 16 (e.g.,represented as a regular expression match). In some embodiments, URLs ofsubstantially all applications supported by ACE 16 may be included inVIP URL Config 30. In other embodiments, each application supported byACE 16 may correspond to a different VIP URL Config 30. VIP URL Config30 may be in any suitable format, based on particular needs ofcommunication system 10. In some embodiments, VIP URL Config 30 may beperiodically pushed to GSS 22. In other embodiments, VIP URL Config 30may be pushed to GSS 22 only when there is a change in URL match policy44 (e.g., application added or removed). Monitor module 53 may monitorapplication 26, and push any change to GSS 22 via VIP URL Config 30. Insome embodiments, monitor module 53 may use KAL-AP (or other suchmechanisms, such as remote procedure call) for communicating VIP URLConfig 30.

VIP URL Configuration module 58 may receive VIP URL Config 30 and storeit in VIP URL Configuration store 60. VIP URL Configuration store 60 maybe any suitable database, storage device, or other network element thatis configured to store and retrieve information. In some embodiments,VIP URL Configuration store 60 may be located at a single GSS (e.g.,designated GSS that manages the other GSS in the cluster) in a remotedatacenter, and accessible by GSS 22. In other embodiments, each GSS inthe cluster may maintain VIP URL Configuration store 60 in respectivedatacenters. VIP URL Configuration store 60 may store information in VIPURL Config 30 in any suitable format.

Propagate module 62 may propagate VIP URL Config 30 to various remoteGSS in communication system 10. In some embodiments, the propagation maybe implemented as part of the synchronization mechanism between thevarious GSS. In other embodiments, the propagation may be implemented asa separate process. GSS 22 may store VIP URL Config 30 received viapropagation from other GSS in VIP URL Configuration store 60. Thus, VIPURL Configuration store 60 may include a list of VIP addresses andcorresponding application URLs supported at the VIP addresses acrossmultiple datacenters.

Referring back to HTTP request 36, if the requested application in HTTPrequest 36 is not available at datacenter 18, HTTP request 36 may betransferred to default handler 48. Default handler 48 may send VIP URLquery 38 to GSS 22. VIP URL query 38 may query GSS 22 for a suitable VIPaddress that can satisfy HTTP request 36. Selection module 64 in GSS 22may access VIP URL Configuration store 60 and run a selection algorithmto determine a suitable VIP. For example, if only one VIP address isassociated with the requested URL, GSS 22 may provide that VIP addressas selected VIP address 40. If the application is available at multipledatacenters, VIP URL Configuration store 60 may indicate multiple VIPaddresses for the requested URL. The selection algorithm may choose asuitable VIP address based on several considerations, includingloadbalance, geographical proximity, and/or other intelligent policiesand return a suitable VIP address. GSS 22 may subsequently provideselected VIP address 40 to ACE 16.

Forward module 50 in ACE 16 may forward HTTP request 36 to selected VIPaddress 40. The ACE at selected VIP address 40 may respond appropriatelywith HTTP response 42, which may be forwarded to the client by forwardmodule 50. In various embodiments, ACE 16 may use processor 54 andmemory element 56 to perform the operations described herein. Likewise,GSS 22 may use processor 66 and memory element 68 to perform theoperations described herein.

Turning to FIG. 3, FIG. 3 is a simplified block diagram illustrating ascenario where application 26 is available at multiple datacenters16(2)-16(N) in communication system 10. For ease of explanation, assumethat datacenter 16(1) does not host application 26. ACEs 16(2)-16(N) maypush respective VIP address and URL of application 26 to respectivelocal GSS 22(2)-22(N). GSS 22(2)-22(N) may propagate the information toall other GSS, so that substantially all GSS 22(1)-22(N) may haveinformation about all VIP addresses associated with application 26. IfACE 16(1) receives a request for application 26, and it queries GSS22(1), GSS 22(1) may respond with a suitable VIP address selected fromthe aggregated propagated information.

Turning to FIG. 4, FIG. 4 is a simplified flow diagram illustratingexample configuration activities that may be associated with anembodiment of communication system 10. Operations 100 may start at 102,when ACE 16 is turned on. Application 26 may be added to datacenter 18at 104. At 106, App Config 28 may be added to ACE 16's URL match policy44. In some embodiments, application 26 may push App Config 28 to ACE16. In other embodiments, a network administrator may configure URLmatch policy 44 with application 26's URL. At 108, ACE 16 may push VIPURL Config 30 to local GSS 22. At 110, local GSS 22 may propagate VIPURL Config 30 to remote GSSs in other datacenters. At 112, GSS 22 maystore VIP URL Config 30 in an accessible location (e.g., VIP URLConfiguration store 60). At 114, ACE 16 may monitor application 26. At116, a determination may be made whether there are any changes inapplication 26. If yes, the operations loop back to 106, at which thechanges are added to URL match policy 44. If there are no changes toapplication 26, the process may end at 118.

Turning to FIG. 5, FIG. 5 is a simplified flow diagram illustratingexample data flow activities that may be associated with an embodimentof communication system 10. Operations 150 may start at 152, when ACE 16is activated. At 154, ACE 16 may receive HTTP request 36 for application26 from client 12. At 156, ACE 16 may look up application 26 in URLmatch policy 44. At 158 a determination may be made whether a match isfound. If a match is not found, ACE 16 may query local GSS 22 at 160. At162, local GSS 22 may respond with selected VIP address 40. At 164, ACE16 may forward HTTP request 36 to selected VIP address 40. At 166, ACE16 may receive HTTP response 42 from selected VIP address 40. At 168,ACE 16 may forward HTTP response 42 (received from appropriate server24) to client 12. The operations may end at 170. Referring back to 158,if a match is found, ACE 16 may forward HTTP request 36 to the locallyavailable server at 172. The locally available server may respond withHTTP response 42 at 174, and ACE 16 may forward HTTP response 42 toclient 12 at 168.

Turning to FIG. 6, FIG. 6 is a simplified flow diagram illustratingexample operational steps associated with embodiments of communicationsystem 10. Operations 200 may include a configuration flow 202, amonitor flow 204, and a data flow 206. Configuration flow 202 mayinclude 208, at which ACE 16(1) (“ACE1”) in datacenter 18(1) adds AppConfig 28 in URL match policy 44. At 210, ACE 16(1) may push VIP URLConfig 30 to local GSS 22(1) (“GSS1”) in datacenter 18(1). Local GSS22(1) may propagate VIP URL Config 30 to remote GSS 22(2) (“GSS2”) toGSS 22(N) (“GSS-N”) at 212. At 214, substantially all GSS 22(2)-22(N)may synchronize VIP URL Config 30.

Monitor flow 204 may include 216, at which application 26 may bemonitored. At 218, any change in application 26 may be propagated tosubstantially all GSS 22(1)-22(N). In some embodiments, the changes maybe propagated to URL match policy 44, then pushed to respective localGSS (e.g., GSS 22(1)), for example, with the KAL-AP mechanism, andsubsequently, the change may be propagated to other GSSs (e.g., GSS22(2)-22(N)), for example, with the synchronization mechanism. By way ofexamples, and not as limitations, changes in application 26 can include:application 26 is moved to a different server in the same datacenter;application 26 is moved to a different datacenter; application 26 isbrought down for maintenance; servers 24 on which application 26 isavailable are taken off line; several copies of application 26 aredistributed throughout multiple datacenters; etc.

Data flow 204 includes 220, at which ACE 16(2) (“ACE2”) at datacenter18(2) receives HTTP request 36 for application 26. At 222, ACE 16(2) maydetermine that it cannot serve HTTP request 36 (e.g., becauseapplication 26 is down at datacenter 18(2), or application 26 is notavailable at datacenter 18(2), etc.). At 224, ACE 16(2) may query itslocal GSS 22(2) for a suitable VIP address. At 226, GSS 22(2) may accessVIP URL Config 30 stored during operation 212. At 228, GSS 22(2) may runa selection algorithm to select the suitable VIP address. The selectionalgorithm may consider load on the different datacenters, geographicalproximity to client 14, and intelligent policies, among other factors,to select the suitable VIP address. At 230, GSS 22(2) may respond to ACE16(2) with selected VIP address 40. At 232, ACE 16(2) may forward HTTPrequest 36 to selected VIP address 40. At 234, ACE 16(1) may receiveHTTP request 36 and look up URL match policy 44 to determine thelocation of application 26 (see operation 206), and respondappropriately with HTTP response 42.

Note that in this Specification, references to various features (e.g.,elements, structures, modules, components, steps, operations,characteristics, etc.) included in “one embodiment”, “exampleembodiment”, “an embodiment”, “another embodiment”, “some embodiments”,“various embodiments”, “other embodiments”, “alternative embodiment”,and the like are intended to mean that any such features are included inone or more embodiments of the present disclosure, but may or may notnecessarily be combined in the same embodiments.

In example implementations, at least some portions of the activitiesoutlined herein may be implemented in software in, for example, ACE 16and GSS 22. In some embodiments, one or more of these features may beimplemented in hardware, provided external to these elements, orconsolidated in any appropriate manner to achieve the intendedfunctionality. The various network elements may include software (orreciprocating software) that can coordinate in order to achieve theoperations as outlined herein. In still other embodiments, theseelements may include any suitable algorithms, hardware, software,components, modules, interfaces, or objects that facilitate theoperations thereof.

Furthermore, ACE 16 and GSS 22 described and shown herein (and/or theirassociated structures) may also include suitable interfaces forreceiving, transmitting, and/or otherwise communicating data orinformation in a network environment. Additionally, some of theprocessors and memory elements associated with the various nodes may beremoved, or otherwise consolidated such that a single processor and asingle memory element are responsible for certain activities. In ageneral sense, the arrangements depicted in the FIGURES may be morelogical in their representations, whereas a physical architecture mayinclude various permutations, combinations, and/or hybrids of theseelements. It is imperative to note that countless possible designconfigurations can be used to achieve the operational objectivesoutlined here. Accordingly, the associated infrastructure has a myriadof substitute arrangements, design choices, device possibilities,hardware configurations, software implementations, equipment options,etc.

In some of example embodiments, one or more memory elements can storedata used for the operations described herein. This includes the memoryelement (e.g., memory elements 56 and 68) being able to storeinstructions (e.g., software, logic, code, etc.) in non-transitorycomputer readable media, such that the instructions are executed tocarry out the activities described in this Specification. A processorcan execute any type of instructions associated with the data to achievethe operations detailed herein in this Specification. In one example,processors (e.g., processors 54 and 66) could transform an element or anarticle (e.g., data) from one state or thing to another state or thing.In another example, the activities outlined herein may be implementedwith fixed logic or programmable logic (e.g., software/computerinstructions executed by a processor) and the elements identified hereincould be some type of a programmable processor, programmable digitallogic (e.g., a field programmable gate array (FPGA), an erasableprogrammable read only memory (EPROM), an electrically erasableprogrammable read only memory (EEPROM)), an ASIC that includes digitallogic, software, code, electronic instructions, flash memory, opticaldisks, CD-ROMs, DVD ROMs, magnetic or optical cards, other types ofmachine-readable mediums suitable for storing electronic instructions,or any suitable combination thereof.

These devices may further keep information in any suitable type ofnon-transitory storage medium (e.g., random access memory (RAM), readonly memory (ROM), field programmable gate array (FPGA), erasableprogrammable read only memory (EPROM), electrically erasableprogrammable ROM (EEPROM), etc.), software, hardware, or in any othersuitable component, device, element, or object where appropriate andbased on particular needs. The information being tracked, sent,received, or stored in communication system 10 could be provided in anydatabase, register, table, cache, queue, control list, or storagestructure, based on particular needs and implementations, all of whichcould be referenced in any suitable timeframe. Any of the memory itemsdiscussed herein should be construed as being encompassed within thebroad term “memory element.” Similarly, any of the potential processingelements, modules, and machines described in this Specification shouldbe construed as being encompassed within the broad term “processor.”

It is also important to note that the operations and steps describedwith reference to the preceding FIGURES illustrate only some of thepossible scenarios that may be executed by, or within, the system. Someof these operations may be deleted or removed where appropriate, orthese steps may be modified or changed considerably without departingfrom the scope of the discussed concepts. In addition, the timing ofthese operations may be altered considerably and still achieve theresults taught in this disclosure. The preceding operational flows havebeen offered for purposes of example and discussion. Substantialflexibility is provided by the system in that any suitable arrangements,chronologies, configurations, and timing mechanisms may be providedwithout departing from the teachings of the discussed concepts.

Although the present disclosure has been described in detail withreference to particular arrangements and configurations, these exampleconfigurations and arrangements may be changed significantly withoutdeparting from the scope of the present disclosure. For example,although the present disclosure has been described with reference toparticular communication exchanges involving certain network access andprotocols, communication system 10 may be applicable to other exchangesor routing protocols. Moreover, although communication system 10 hasbeen illustrated with reference to particular elements and operationsthat facilitate the communication process, these elements, andoperations may be replaced by any suitable architecture or process thatachieves the intended functionality of communication system 10.

Numerous other changes, substitutions, variations, alterations, andmodifications may be ascertained to one skilled in the art and it isintended that the present disclosure encompass all such changes,substitutions, variations, alterations, and modifications as fallingwithin the scope of the appended claims. In order to assist the UnitedStates Patent and Trademark Office (USPTO) and, additionally, anyreaders of any patent issued on this application in interpreting theclaims appended hereto, Applicant wishes to note that the Applicant: (a)does not intend any of the appended claims to invoke paragraph six (6)of 35 U.S.C. section 112 as it exists on the date of the filing hereofunless the words “means for” or “step for” are specifically used in theparticular claims; and (b) does not intend, by any statement in thespecification, to limit this disclosure in any way that is not otherwisereflected in the appended claims.

What is claimed is:
 1. A method, comprising: receiving a hypertexttransfer protocol (HTTP) request from a client for an application at afirst datacenter at which the application is not available; querying afirst global site selector (GSS) configured to identify a seconddatacenter at which the application is available, wherein the seconddatacenter is identified by a selected virtual Internet Protocol (VIP)address; forwarding the HTTP request to the selected VIP address; andresponding to the client with an HTTP response received from theselected VIP address.
 2. The method of claim 1, wherein the first GSSidentifies the second datacenter from a VIP uniform resource locator(URL) Configuration, and wherein the VIP URL Configuration includes theselected VIP address corresponding to a URL of the application.
 3. Themethod of claim 2, wherein a change in configuration of the applicationis reflected in the VIP URL Configuration.
 4. The method of claim 2,wherein: the application is available at a plurality of datacenters, theVIP URL configuration indicates a plurality of VIP addressescorresponding to the URL of the application, and the first GSS selectsthe selected VIP address from the plurality of VIP addresses based on atleast: load distribution among substantially all GSSs in the pluralityof datacenters, geographical proximity to the client of each datacenterin the plurality of datacenters, or policies.
 5. The method of claim 1,further comprising: configuring a URL of the application on a second GSSin the second datacenter; and propagating the URL and the selected VIPaddress to the first GSS.
 6. The method of claim 5, wherein theconfiguring the URL of the application comprises pushing the selectedVIP address and the URL of the application from an application controlengine (ACE) in the second datacenter to the second GSS.
 7. The methodof claim 6, wherein the URL of the application is added to a URL matchpolicy in the ACE.
 8. The method of claim 7, wherein the URL of theapplication is added to the URL match policy when the application isadded to the second datacenter.
 9. The method of claim 1, wherein theHTTP request includes a URL of the application, wherein the URLspecifies a domain name and a path.
 10. The method of claim 1, furthercomprising: identifying a URL match policy to determine whether theapplication is available at the first datacenter.
 11. Logic encoded innon-transitory media that includes instructions for execution and whenexecuted by a processor, is operable to perform operations comprising:receiving a hypertext transfer protocol (HTTP) request from a client foran application at a first datacenter at which the application is notavailable; querying a first global site selector (GSS) configured toidentify a second datacenter at which the application is available,wherein the second datacenter is identified by a selected virtualInternet Protocol (VIP) address; forwarding the HTTP request to theselected VIP address; and responding to the client with an HTTP responsereceived from the selected VIP address.
 12. The logic of claim 11,wherein the first GSS identifies the second datacenter from a VIP URLConfiguration, and wherein the VIP URL Configuration includes theselected VIP address corresponding to a URL of the application.
 13. Thelogic of claim 12, wherein: the application is available at a pluralityof datacenters, the VIP URL configuration indicates a plurality of VIPaddresses corresponding to the URL of the application, and the first GSSselects the selected VIP address from the plurality of VIP addressesbased on at least: load distribution among substantially all GSSs in theplurality of datacenters, geographical proximity to the client of eachdatacenter in the plurality of datacenters, or policies.
 14. The logicof claim 11, the operations further comprising: configuring a URL of theapplication on a second GSS in the second datacenter; and propagatingthe URL and the selected VIP address to the first GSS.
 15. The logic ofclaim 14, wherein the configuring the URL of the application includespushing the selected VIP address and the URL of the application from anACE in the second datacenter to the second GSS.
 16. An apparatus,comprising: a memory element for storing data; and a processor thatexecutes instructions associated with the data, wherein the processorand the memory element cooperate such that the apparatus is configuredto: receive a hypertext transfer protocol (HTTP) request from a clientfor an application at a first datacenter at which the application is notavailable; query a first global site selector (GSS) configured toidentify a second datacenter at which the application is available,wherein the second datacenter is identified by a selected virtualInternet Protocol (VIP) address; forward the HTTP request to theselected VIP address; and respond to the client with an HTTP responsereceived from the selected VIP address.
 17. The apparatus of claim 16,wherein the first GSS identifies the second datacenter from a VIP URLConfiguration, wherein the VIP URL Configuration includes the selectedVIP address corresponding to a URL of the application.
 18. The apparatusof claim 17, wherein: the application is available at a plurality ofdatacenters, the VIP URL configuration indicates a plurality of VIPaddresses corresponding to the URL of the application, and the first GSSselects the selected VIP address from the plurality of VIP addressesbased on at least: load distribution among substantially all GSSs in theplurality of datacenters, geographical proximity to the client of eachdatacenter in the plurality of datacenters, or policies.
 19. Theapparatus of claim 16, wherein the apart us is further configured to:configure a URL of the application on a second GSS in the seconddatacenter; and propagate the URL and the selected VIP address to thefirst GSS.
 20. The apparatus of claim 19, wherein the configuring theURL of the application includes pushing the selected VIP address and theURL of the application from an ACE in the second datacenter to thesecond GSS.